PURSUANT TO EU REGULATION 2016/679 – GDPR
In compliance with the obligations deriving from the legislation on the protection of personal data, we inform you that this site www.centrotessilemilano.it respects and protects the privacy of visitors and users. Given that the Data Controller will be in possession of data relating to you, qualified as personal from
Aforementioned regulation, we communicate the following:
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The data controller is Consorzio Centro Tessile Milano, S.S. 11 Padana Superiore, 16-18 20063 Cernusco sul Naviglio (MI), tel: 02 92103722, mail ctm@ctmilano.com
DATA PROCESSED AND PURPOSE OF THE TREATMENT
Your personal data and navigation data are processed. As in all websites, some information is collected in an automated manner during user visits: internet protocol address (IP), type of browser and parameters of the device used to connect to the site, name of the internet service provider (ISP), date and time of visit, web page of origin of the visitor (referral) and exit, possibly the number of clicks. The data collected by the site during its operation are used exclusively for the purposes indicated below and kept for the time strictly necessary to carry out the activities specified. The legal basis that legitimizes the processing of such data is the need to make the functionalities of the company website usable as a result of User access. The data provided voluntarily by the User, on the other hand, such as name and surname, company name, tax code and VAT number, address, telephone / fax, e-mail, bank and payment references, are instead those necessary for the Data Controller to provide the services available. and are treated lawfully and fairly, they are also collected and recorded for the specific, explicit and legitimate purposes indicated below, and are used in processing operations that are not incompatible with these purposes. Personal data is collected and processed for the following purposes: analysis of site visits for statistical purposes, data collection of contacts to the site for the purpose of fulfilling user / visitor requests and for future commercial initiatives, customer relationship activities on the basis of pre-contractual and contractual agreements, administrative, fiscal or internal accounting purposes connected to the customer-supplier relationship and to fulfill the obligations generally provided for by the Data Controller by laws or regulations, by community legislation, by requests from the judicial authority or to exercise the rights of the Data Controller (for example the right to defense in court), in the presence of specific and distinct consent of the User, for marketing purposes: sending (via e-mail, post, text message or telephone contact) of newsletters, updates on the activities of the owner, advertising material or commercial communications – possibly also customized on the basis of cons User (profiling) – on products or services offered by the Owner that the User may consider to be of interest to you and to detect the degree of satisfaction with the quality of the services, including requests for participation in market analyzes or research sending curriculum vitae, exclusively for personnel selection purposes and for the establishment of an employment relationship.
SECURITY MEASURES AND PROCESSING METHODS
This site processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, theft or destruction of data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, commercial agents) may have access to the data. , postal couriers, hosting providers, IT companies, communication agencies). The processing of the User’s personal data is carried out by means of the operations of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The User’s personal data are collected following direct sending to the Data Controller, by filling in forms or forms in general prepared for this purpose, also included in contractual documents. The collected data are recorded and stored by the Data Controller in computer and paper archives, as well as kept and controlled in such a way as to minimize the risk of destruction or even accidental loss, unauthorized access and processing that is not permitted or does not comply with the purposes. of the collection. The data are processed by employees or collaborators of the Data Controller, duly instructed in this regard.
NATURE OF DATA COMMUNICATION AND LEGAL BASIS OF PROCESSING
The provision of personal data relating to the processing is optional. However, failure to provide the data, partial or total, may result in the partial or total impossibility of establishing or continuing the relationship with the User, to the extent that such data are necessary for the execution of the same. The provision of data for marketing purposes is also optional. The User can therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, he will not be able to receive newsletters, commercial communications and advertising material in general relating to the services and products offered by the Data Controller. The legal basis that legitimizes the processing of data in reference to pre-contractual and contractual agreements and administrative, accounting or tax purposes is the execution of a service supply contract of which the User is a party, or the performance of pre-contractual activities upon request. of the User. In cases of marketing and profiling as well as curriculum vitae, the legal basis is the consent freely given by the User.
POSSIBLE RECIPIENTS OF PERSONAL DATA AND TRANSFER OF DATA TO A THIRD COUNTRY
The processing of User data is carried out by the Data Controller’s internal staff (employees, collaborators, System Administrators), identified and authorized for processing according to instructions that are given in compliance with current legislation on privacy and data security. If this is necessary for the aforementioned purposes, the User’s personal data may be processed by third parties appointed as professionals, companies, associations or professional firms that provide the Data Controller with assistance or advice for administrative, accounting, tax, legal purposes or for the selection of the personnel, Bodies envisaged by current accounting and tax legislation as recipients of mandatory communications, banking institutions for collections and payments, professionals for analysis and market research services, for the management of payments via credit cards or electronic payment instruments in general, sales agents, postal couriers. This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of the EU decision 1250/2016 Privacy Shield, for which no further consent is required, guaranteeing the companies mentioned above their membership.
PERIOD OF STORAGE OF PERSONAL DATA
The User’s personal data will be processed and stored by the Data Controller for the fulfillment of the user’s request or for the entire duration of any contractual relationship as well as for the relative product warranty period; at the end of the same they will be kept for the time provided – for each category of data – by the current accounting, tax, civil and procedural legislation. For marketing and profiling purposes only, the User’s personal data will be processed and stored by the Data Controller for a period of respectively 24 and 12 months. For the sole purpose of personnel research, the User’s personal data may be processed and stored by the Data Controller for a maximum of 12 months from the date of receipt.
USER RIGHTS AND METHOD OF EXERCISING YOUR RIGHTS
In his capacity as Data Subject and in relation to the treatments described in this Notice, the User has:
- right of access – Article 15 of the GDPR: the right to obtain confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to such personal data, including a copy of the same;
- right of rectification – Article 16 of the GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning the User and / or the integration of incomplete personal data;
- right to cancellation (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning him;
- right to limitation of treatment – Article 18 GDPR: right to obtain the limitation of treatment, when: the interested party disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data; the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the interested party opposed the processing pursuant to art. 21 GDPR, in the period of waiting for the verification of the possible prevalence of legitimate reasons of the Data Controller with respect to those of the interested party;
- right to data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means;
- right to object – article 21 GDPR: right to object, at any time for reasons connected with your particular situation, to the processing of personal data concerning you based on the condition of lawfulness of legitimate interest or the execution of a task of public interest the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a law in court. Furthermore, the right to object to processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing;
- right of revocation – Article 7 of the GDPR: the User has the right to revoke their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal;
- right of complaint – Article 77 GDPR: the User has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM). To exercise the rights as indicated in this Notice as well as to receive any information relating to them, the User may contact the Data Controller in writing who will take charge of the request and provide the User, without undue delay and in any case, at the latest, within one month of receiving it, information relating to the action taken regarding the request. The exercise of rights by the User is free pursuant to Article 12 of the GDPR, however, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge the User a reasonable cost contribution, to the light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.